Greg/WeightTracker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: move CORS config from global to route-specific locations in nginx.conf

Browse Source
This commit is contained in:
Greg 2025-05-27 01:12:43 +02:00
parent 94040bf553
commit 0439e7f691
1 changed files with 38 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
nginx.conf
View File

@ -1,4 +1,3 @@
# Main server block
server {
listen 80;
server_name localhost;
@ -9,12 +8,24 @@ server {
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
# Global CORS configuration
# DATA API ENDPOINTS - NO AUTHENTICATION
location ^~ /data/ {
auth_basic off;
proxy_pass http://localhost:3000/data/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# CORS headers
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization' always;
# Global OPTIONS handler
# Preflight requests
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
@ -24,43 +35,39 @@ server {
add_header 'Content-Length' 0;
return 204;
}
# DATA API ENDPOINTS - NO AUTHENTICATION
# This location must be defined BEFORE the root location to take precedence
location ^~ /data/ {
# Explicitly disable authentication for data API
auth_basic off;
# API Proxy configuration
proxy_pass http://localhost:3000/data/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# AUTHENTICATED APPLICATION ROUTES
# This covers all routes except those specifically excluded above
location / {
# Apply authentication
include /etc/nginx/auth.conf;
# Serve static files
try_files $uri $uri/ /index.html;
# CORS headers
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization' always;
# Preflight requests
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
}
# Enable browser caching for static assets
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
# Include authentication for static assets
include /etc/nginx/auth.conf;
expires 30d;
add_header Cache-Control "public, no-transform";
add_header 'Access-Control-Allow-Origin' '*' always;
}
}
# Error pages
error_page 404 /index.html;